Security Incident Response is like firefighting: it’s not something you need every day, but when you need it, you want the best, and you want it fast. We’re proud to announce our new cyber security incident response team, and we’d like to tell you what they do, and how best to utilize this new service. We …

This one is for you web penetration testers! This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one. It analyzes all the parameters in your in-scope traffic and …

First things first: What is Splunk and why do I want or need it? The short answer is Splunk is a data analytics tool that indexes system logs across different machines and appliances so that they’re searchable. Data analysis, event monitoring, compliance, and overall management oversight can be gleaned from this tool. Splunk takes …

Last week I was able to speak at MIRcon 2013 about how to use ModSecurity to discover attack activity and defend your environment. The presentation started out by discussing a fair bit of background information on ModSecurity and how it works. This was really important since ModSecurity can get a bit involved when setting it up. …

Most everyone in the U.S. is aware that it’s not uncommon for the Mississippi River to flood in the spring. Even though the river has a series of locks and dams, they are intended for navigation, not flood control. In fact, back in the days of Mark Twain there were spots in the Mississippi River …

In July, my daughter, Brenna (11yo) and I presented at the SANS Denver event. She has long wanted to present with me and we both thought this talk was the perfect one to do. In it, we walk through the various privacy concerns mobile applications and devices have. We do this by looking at the …

This past February, my fellow colleague James Jardine wrote an excellent blog post called “Decoding F5 Cookie” where he described in detail how F5 load balancers use a persistence cookie (called the BigIP cookie) and how to use a standalone script to decode the value exposing the IP and port of a back end resource. …

A while back I had to deal with a compromised web server for some folks. They had some WordPress sites with a vulnerable plugin and found that attackers were putting up malicious web pages for other victims to view. The owners of the sites were understandably upset. The malicious file names didn’t follow much of …

Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.” The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below). The purpose of the presentations is to reach out to developers and …